b'           OFFICE OF\n    THE INSPECTOR GENERAL\n\nSOCIAL SECURITY ADMINISTRATION\n\n\n\n        CONTROLS FOR ISSUING\n       SOCIAL SECURITY NUMBER\n       VERIFICATION PRINTOUTS\n\n   December 2007    A-04-07-27112\n\n\n\n\n AUDIT REPORT\n\x0c                                    Mission\nBy conducting independent and objective audits, evaluations and investigations,\nwe inspire public confidence in the integrity and security of SSA\xe2\x80\x99s programs and\noperations and protect them against fraud, waste and abuse. We provide timely,\nuseful and reliable information and advice to Administration officials, Congress\nand the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xef\x81\xad Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xef\x81\xad Promote economy, effectiveness, and efficiency within the agency.\n  \xef\x81\xad Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xef\x81\xad Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xef\x81\xad Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xef\x81\xad Independence to determine what reviews to perform.\n  \xef\x81\xad Access to all information necessary for the reviews.\n  \xef\x81\xad Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nWe strive for continual improvement in SSA\xe2\x80\x99s programs, operations and\nmanagement by proactively seeking new ways to prevent and deter fraud, waste\nand abuse. We commit to integrity and excellence by supporting an environment\nthat provides a valuable public service while encouraging employee development\nand retention and fostering diversity and innovation.\n\x0c                                              SOCIAL SECURITY\nMEMORANDUM\n\nDate:      December 5, 2007                                                                       Refer To:\n\nTo:        The Commissioner\n\nFrom:      Inspector General\n\nSubject:   Controls for Issuing Social Security Number Verification Printouts (A-04-07-27112)\n\n\n           OBJECTIVE\n           Our objective was to determine whether the Social Security Administration\xe2\x80\x99s (SSA)\n           internal controls over the issuance of Social Security Number (SSN) Verification\n           Printouts (SSN Printout) were effective.\n\n           BACKGROUND\n\n           In compliance with both the Privacy Act of 1974 (Privacy Act) and the Social Security\n           Act, 1 SSA\xe2\x80\x99s information disclosure policy dictates that it will protect the privacy of\n           individuals to the fullest extent possible, while also permitting the exchange of\n           information needed to fulfill its administrative and program responsibilities.\n           Notwithstanding some exceptions, Federal law gives individuals the right to access\n           information about themselves that is in SSA\xe2\x80\x99s systems of records.\n\n           Generally, individuals have access to records maintained by SSA that are retrievable by\n           name, SSN or other personal identifier. 2 Some of the most frequently requested\n           SSN-related records include the original Application for a Social Security Card\n           (Form SS-5) and the Numident. The Numident is an electronic record of the\n           information contained on an individual\xe2\x80\x99s original application for an SSN and subsequent\n           applications for replacement cards. Numident printouts are not issued by SSA field\n           offices. To obtain a Numident printout, an individual must send a written request to\n           SSA\xe2\x80\x99s Central Office and pay a $16 fee.\n\n\n\n\n           1\n               Privacy Act of 1974, 5 U.S.C. \xc2\xa7 552a and the Social Security Act, \xc2\xa7 1106, 42 U.S.C. \xc2\xa7 1306.\n           2\n               20 Code of Federal Regulations (C.F.R.) \xc2\xa7 401.20 (a).\n\x0cPage 2 - The Commissioner\n\n\nThe Numident contains a significant amount of the numberholder\xe2\x80\x99s personally\nidentifiable information (for example, name, SSN, date of birth, place of birth, and\nparents\xe2\x80\x99 names). Because SSA was concerned about potential identity theft that could\noccur if a Numident were obtained by someone with ill intent, in January 2002, SSA\nbegan issuing SSN Printouts, which contain the numberholder\xe2\x80\x99s name and SSN. See\nAppendix B for a sample SSN Printout. Although not shown on the example, SSA field\noffices are required to mark the printouts with a stamp indicating which office issued the\ndocument. Additionally, personnel approving the request for an SSN Printout must sign\nthe form before providing it to the requestor.\nSSA\xe2\x80\x99s Program Operations Manual System (POMS) states, \xe2\x80\x9cThe Numident and the\nSSN Verification Printout are NOT official verifications of an SSN.\xe2\x80\x9d 3 Additionally, the\nSSN Printout states\n             YOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION\n             OF YOUR SOCIAL SECURITY NUMBER. THIS PRINTOUT DOES\n             NOT VERIFY YOUR RIGHT TO WORK IN THE UNITED STATES.\n             PROTECT YOUR SOCIAL SECURITY NUMBER FROM FRAUD AND\n             IDENTITY THEFT. BE CAREFUL WHO YOU SHARE YOUR NUMBER\n             WITH.\n\nUnlike the Social Security card, the SSN Printout contains no significant security\nfeatures other than the field office stamp and employee signature.\nIn Fiscal Year (FY) 2006, SSA offices issued about 6.3 million SSN Printouts. See\nAppendix C for the distribution of SSN Printouts issued by SSA regions. The number of\nSSN Printouts has significantly increased from FY 2003, the first full year SSA issued\nthem. In FY 2003, SSA issued about 4.6 million, by 2006 the number of SSN Printouts\nincreased by about 1.7 million or 37 percent. See Appendix D for more background\ninformation.\n\nTo accomplish our objective, we reviewed pertinent sections of Federal laws,\nregulations and SSA policies and procedures. We also obtained and analyzed a data\nextract from SSA\xe2\x80\x99s Audit Trail System (ATS), which contained some transaction data on\nSSN Printouts issued in FY 2006. Further, we interviewed officials from 42 SSA field\noffices (including the 25 that issued the most SSN Printouts in FY 2006), 4 district\noffices and 4 regional offices to determine (1) their procedures for issuing SSN\nPrintouts and (2) whether they received any management information regarding the\nSSN Printout workload. Additionally, of the 42 field offices, we visited 21 to observe\ntheir procedures for processing SSN Printouts. In total, we observed SSA personnel\nissuing 72 SSN Printouts. We also interviewed representatives from SSA components\ninvolved in the development and implementation of SSN Printout regulations and\npolicies. These components included the Offices of Operations, Income and Security\nPrograms, Systems and General Counsel. See Appendix E for more information on our\nscope and methodology.\n\n\n3\n    POMS RM 00202.320 B.3.\n\x0cPage 3 - The Commissioner\n\n\nRESULTS OF REVIEW\nWe believe the Agency\xe2\x80\x99s controls for issuing SSN printouts should be strengthened.\nAlthough the appearance of a Social Security card and an SSN Printout vary\nsignificantly, the critical content of these documents is identical. That is, both\ndocuments contain vital information about the numberholder\xe2\x80\x94their name and SSN.\nWe acknowledge that the SSN Printout clearly states the only true proof of one\xe2\x80\x99s SSN\nis the Social Security card. However, our review found that the Printout is treated by\nsome third parties as an equal\xe2\x80\x94or even superior\xe2\x80\x94verification of an individual\xe2\x80\x99s SSN.\nIn line with the treatment of these documents, we believe the issuance of SSN Printouts\nshould be afforded the same amount of control and care as the issuance of Social\nSecurity cards.\n\nThis discrepancy exists in part because the Agency has attempted to comply with the\nspirit of the Privacy Act and allow individuals access to information about themselves in\nSSA records\xe2\x80\x94without undue burden on the requestor. However, given the\n(1) significant increase in requests for these documents in recent years, (2) the\nincrease in identity theft and (3) the Agency\xe2\x80\x99s equally important mandate of protecting\nnumberholders\xe2\x80\x99 personally identifiable information, we believe procedures for issuing\nSSN Printouts should adhere to recently enhanced replacement Social Security card\nissuance procedures.\n\nFor example, we believe the same identity documents presented to obtain a\nreplacement Social Security card should be required to obtain an SSN Printout.\nCurrently, SSA policy allows for the numberholder to provide less probative identity\ndocuments (such as, credit cards) to obtain an SSN Printout. Additionally, unlike\nrecently implemented limits on the number of replacement Social Security cards an\nindividual can obtain in a year and lifetime, there are no such limits on SSN Printouts.\nIn fact, we determined that over 55,000 numberholders obtained 3 or more SSN\nPrintouts during FY 2006. Also, we believe systems\xe2\x80\x99 capability to capture a request for\nan SSN Printout similar to a Social Security card application would better ensure\nprocedures are followed and the requestor\xe2\x80\x99s identity is established before releasing this\nsensitive and personally identifiable information.\n\nWe also believe SSA should develop and disseminate more management information\nregarding the SSN Printout workload. Currently, SSA managers have little information\nto monitor the number of SSN Printouts issued and/or anomalies. For example, better\nmanagement information may enable responsible SSA personnel to address potential\nproblems such as the large number of printouts issued by certain field offices and\nnumberholders who obtained an excessive number of printouts during an\ninterview/day/year.\n\nFinally, because the demand for SSN Printouts by third parties has increased, we\nbelieve SSA must raise awareness among these entities regarding alternate and\nperhaps more reliable and efficient methods for verifying that an SSN belongs to an\nindividual seeking their services or employment.\n\x0cPage 4 - The Commissioner\n\n\nPROCEDURES FOR ISSUING SSN PRINTOUTS SHOULD FOLLOW THE\nIMPROVED REPLACEMENT CARD PROCEDURES\n\nSSA\xe2\x80\x99s procedures for issuing an SSN Printout allow numberholders to prove their\nidentity with documents that have limited probative value. In response to the\n                                                                   4\nIntelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) and its own efforts\nto better ensure SSN integrity, SSA revised its policies and procedures for issuing\nreplacement Social Security cards. In particular, SSA:\n\n\xe2\x80\xa2     Increased the identity requirements for obtaining a replacement SSN card. In most\n      situations, numberholders must now present certain valid photo identification\n      documents of high probative value to prove their identity.\n\n\xe2\x80\xa2     Limited the number of replacement Social Security cards an individual can receive\n      to 3 in a year and 10 in a lifetime. 5\n\n\xe2\x80\xa2     Required that field offices use the SS-5 Assistant to process most SSN applications.\n      See Appendix F for a discussion of the SS-5 Assistant.\n\nHowever, SSA did not implement similar procedures in the SSN Printout issuance\nprocess.\n\nIdentity Requirements\n\nDespite increasing identity requirements for an individual to obtain a replacement Social\nSecurity card, SSA procedures for issuing SSN Printouts remain relatively unchanged.\nAccording to SSA officials, the identity requirements for obtaining an SSN Printout are\nless restrictive than those for obtaining an SSN card, but are consistent with SSA\xe2\x80\x99s\n                                                           6\ndisclosure regulations that implement the Privacy Act. Specifically, SSA\xe2\x80\x99s policies and\nprocedures for issuing an SSN Printout allow individuals to prove their identity with a\n\xe2\x80\x9cdriver\xe2\x80\x99s license, credit card, passport, or other identification a person might normally\n        7\ncarry.\xe2\x80\x9d Also, in certain circumstances, individuals can obtain the SSN Printout from a\nfield office without any identity documents. In this situation, the individual is required to\nanswer identifying questions and sign a form SSA-795, Statement of Claimant or Other\nPerson. 8 Finally, numberholders can obtain an SSN Printout by calling SSA or sending\na written request. In either of these situations, photograph identification is not required.\nNumberholders prove their identity by providing identifying information\xe2\x80\x94not identity\ndocuments. In contrast, SSA does not take replacement card applications over the\n4\n    Public Law 108-458, December 17, 2004.\n5\n    POMS RM 00202.239 A.\n6\n    20 C.F.R. \xc2\xa7 401.40 (a).\n7\n    POMS GN 03340.015 B.\n8\n    POMS GN 03380.005 B.1.and GN 03340.015 B.\n\x0cPage 5 - The Commissioner\n\n\nphone. Although, SSA accepts replacement SSN card applications via the mail, the\nnumberholder must submit original identity documents that meet SSA requirements.\nWe believe the less restrictive identity requirements for SSN Printouts increase the\nchance SSA will improperly provide an individual with documentation of personally\nidentifiable information they should not have.\n\nDuring the course of our audit fieldwork, we observed SSA personnel issuing 72 SSN\nPrintouts at 21 field offices. Of these, SSA personnel issued 13 (18.1 percent)\nPrintouts based on identity documents that would not be acceptable to obtain a\nreplacement Social Security card. In fact, SSA personnel issued 6 (8.3 percent) of the\n72 Printouts when the requestor had no identifying documentation. Instead, these\nindividuals answered a series of questions mandated by SSA policy, which are\ndesigned to help establish the individual\xe2\x80\x99s identity, and then signed form SSA-795 to\ncertify their identity. Given the personally identifiable information contained in these\ndocuments, which we believe is equal to that of the Social Security card, we are\nconcerned that almost 20 percent were issued without substantive proof of the\nrequestor\xe2\x80\x99s identity.\n\nMultiple SSN Printouts Issued to Numberholders in a Day and Year\n\nIn December 2005, in compliance with IRTPA, SSA began limiting the number of\nreplacement Social Security cards a numberholder can obtain to 3 in a year and 10 in a\nlifetime. As we reported in a September 2001 audit report, Replacement Social\nSecurity Number Cards: Opportunities to Reduce the Risk of Improper Attainment and\nMisuse, the ability to obtain multiple replacement Social Security cards could lead to the\nsharing of these cards for improper purposes\xe2\x80\x94such as, for employment by noncitizens\nunauthorized to work in the United States.\n\nWe are equally concerned about the ability of numberholders to obtain multiple SSN\nPrintouts in a day, year and lifetime and believe that the ability to do so may negate the\nlimits on replacement cards. We recognize the Privacy Act requires that SSA give\naccess to information it holds in its systems of records to the numberholder. However,\nwe believe SSA should establish an acceptable number of SSN Printouts an individual\nmay obtain in a day, year or lifetime and require specific management approval for\nrequests exceeding that number. During our audit and after discussions with Agency\npersonnel regarding our data analysis, SSA revised its policy to state that generally\nSSA personnel should not issue more than one SSN Printout to a requestor in the\nsame interview/same day. 9 However, the Agency has not incorporated any system\ncontrols to preclude such occurrences.\n\nOur analysis of the FY 2006 ATS data determined that some numberholders obtained\nmultiple SSN Printouts during the year, and others received multiple printouts in a day.\nTable 1 provides details on numberholders who received three or more SSN Printouts\nin FY 2006.\n\n9\n    POMS RM 00202.320 C.2.\n\x0cPage 6 - The Commissioner\n\n\n     Table 1: Numberholders Received Multiple SSN Printouts During FY 2006\n\n                      SSN Printouts                 Numberholders\n                        Received                  Day         Year\n                      3                             7,269         45,214\n                      4                             1,447          7,280\n                      5                               527          1,747\n                      6 to 9                          511          1,068\n                      10 or more                       36             77\n                                   Total            9,790         55,386\n\nWe asked SSA personnel in field offices, district and regional offices and other\nknowledgeable components if they could provide any explanations why someone would\nneed multiple SSN Printouts in a day or as many as 10 in a year. Most commonly, they\nspeculated that numberholders may have requested copies for multiple third parties or\ncomputer printing problems occurred (that is, the printer did not actually print copies of\nthe documents, but the system registered a count each time the user tried).\nAdditionally, some pointed out that our audit period included the period following\nHurricane Katrina, during which SSN Printouts were provided to numberholders so they\ncould replace other identity documents (such as, a driver\xe2\x80\x99s license).\n\nSSA examined the 77 occurrences in which numberholders were issued 10 or more\nSSN Printouts during FY 2006. SSA determined that the SSN Printouts were not\nimproperly issued. Specifically, the Agency found that many of the numberholders had\nunusual circumstances that required multiple SSN Printouts, and, in other cases, the\nmultiple SSNs Printouts were associated with staff training. Although the SSN Printouts\nwere not involved in any improper action, we believe proactive integrity reviews of\ninstances in which the number and frequency of SSN Printouts appear unusual would\nfurther improve controls.\n\nSSN Printout Issuance Process\n\nCurrently, SSA personnel issue SSN printouts through a print query of the Numident\nfile. No record of the applicant\xe2\x80\x99s identity document(s) is established. For replacement\nSocial Security cards, field office staff is required to process applications through the\nSS-5 Assistant. 10 (See Appendix F for additional information on the SS-5 Assistant.)\nTo complete the application, field office staff must record in the SS-5 Assistant the type\nof identity document presented, the document\xe2\x80\x99s identification number and other\npertinent information. We believe SSA should implement a similar system to process\nand record requests for SSN Printouts. Such a system will better ensure that SSA\n\n\n10\n  The SS-5 Assistant, a Microsoft Access-based application, guides field office personnel in processing\nSSN applications by providing structured interview questions and requiring certain data to complete the\napplication process. Overall, the SS-5 Assistant is intended to increase control over the SSN application\nprocess, improve the quality of data used to assign an SSN and enable management to better control this\nworkload.\n\x0cPage 7 - The Commissioner\n\n\npersonnel follow required procedures and establish the requestor\xe2\x80\x99s identity before\nreleasing this sensitive and personally identifiable information.\n\nWe recognize SSA does not issue as many SSN Printouts in a year as it does\nreplacement cards. Nevertheless, we believe the number of SSN Printouts issued is\nsignificant. Since 2004, the number of SSN Printouts issued has averaged close to\n6 million per year, while the number of replacement cards averaged about 12 million per\nyear. Table 2 details the number of SSN Printouts and replacement cards issued since\n2004.\n\n                   Table 2: Replacement Cards and SSN Printouts\n                                 Issued Since 2004\n\n                                  Number of          Number of SSN\n                   Fiscal\n                                 Replacement          Verification\n                    Year\n                                  SSN Cards            Printouts\n                    2004          12,364,771           5,304,052\n                    2005          12,078,921           5,621,500\n                    2006          11,575,697           6,336,750\n\nSSN Printouts are often issued in conjunction with a replacement card application. In\nprocessing a replacement Social Security card application, SSA personnel must view\nand record data from established identify documents. Accordingly, in these instances,\nSSA has the information recorded in SS-5 Assistant for the replacement card\napplication, which would apply to the request for an SSN Printout. However, the SS-5\nAssistant does not currently have the functionality to document the same information\nwhen only an SSN Printout is requested. Additionally, the SS-5 Assistant does not\ncapture when an SSN Printout is issued as part of a replacement card application.\n\nMANAGEMENT INFORMATION IS NEEDED TO BETTER MONITOR THE SSN\nPRINTOUT WORKLOAD\n\nSSA does not have procedures in place to share relevant SSN Printout management\ninformation with responsible personnel. As a result, managers at the field, district, and\nregional offices did not have necessary data to address any potential problems with this\nworkload\xe2\x80\x94such as, excessive issuance of these documents by a particular field office\nor to a specific numberholder. SSA\xe2\x80\x99s systems did capture some data on the SSN\nPrintout workload through ATS. However, this information was limited to the following\nelements for each request:\n\n\xe2\x80\xa2   SSN,\n\xe2\x80\xa2   date issued,\n\xe2\x80\xa2   office code where originated, and\n\xe2\x80\xa2   employee number of the SSA staff that initiated the action.\n\x0cPage 8 - The Commissioner\n\n\nSSA did not compile or disseminate these data to responsible Agency managers. As a\nresult, responsible personnel could not analyze trends or anomalies in the SSN Printout\nworkload. For example, the managers we spoke with were not aware that, during\nFY 2006, almost 10,000 numberholders obtained more than 3 SSN Printouts in a single\nday, and over 55,000 obtained more than 3 SSN Printouts throughout the year. Had\nthis information been available earlier, the Agency could have performed a more timely\ninvestigation of any egregious cases.\n\nWe also found that certain field offices issued a high volume of SSN printouts. Analysis\nof the ATS data disclosed that 25 (1.8 percent) of SSA\xe2\x80\x99s 1338 field offices issued about\n700,000 (11 percent) of the 6.3 million SSN Printouts in FY 2006. We believe office\nsize and visitor traffic were not the only factors that explain why these offices issued a\nhigh number of SSN printouts. For example, some managers we spoke with\nacknowledged that personnel in their field offices generally asked every applicant for a\nreplacement Social Security card whether they needed immediate proof of their\nSSN\xe2\x80\x94via an SSN Printout. This practice did not comply with SSA policies and\nprocedures. A comparison of the number of SSN Printouts issued to the number of\nreplacement Social Security cards issued for the top 25 field offices disclosed that\n\n\xe2\x80\xa2   11 offices processed more SSN Printout requests than replacement Social Security\n    card applications, and\n\n\xe2\x80\xa2   7 offices processed about the same number of SSN Printout requests as\n    replacement Social Security card applications.\n\nSee Appendix G for detailed information on the 25 field offices that issued the most\nSSN Printouts in FY 2006.\n\nWe believe reliable management information for SSN printouts would help SSA ensure\nthe proper issuance of these documents. Almost all of the SSA managers interviewed,\nresponded that some SSN Printout information for their offices would be helpful.\nAdditionally, most managers indicated that timely information about unusual situations\nsuch as an excessive number of SSN Printouts issued to one individual in a day or year\nwould enable them to be more proactive in preventing potential SSN misuse.\n\nDEMAND FOR THE SSN PRINTOUT HAS INCREASED\n\nFor the 4-year period October 2002 through September 2006, the number of SSN\nPrintouts increased in each consecutive FY. From FY 2003 to FY 2006, the number of\nSSN Printouts issued increased by 37.2 percent. Table 3 details the number of SSN\nPrintouts issued in the last 4 FYs.\n\x0cPage 9 - The Commissioner\n\n\n                      TABLE 3: 4-Year History of SSN Printouts\n\n                             SSN                            Percentage\n             Fiscal                      Increase from\n                         Verification                      Increase from\n              Year                       previous year\n                          Printouts                        Previous Year\n              2003        4,618,180            --                 --\n              2004        5,304,052         685,872             14.9\n              2005        5,621,500         317,448              6.0\n              2006        6,336,750         715,250             12.7\n\nMany of the management officials interviewed explained that the high volume of SSN\nPrintouts issued, and the growth in these numbers has been driven by third parties who\nwant the document to verify an individual\xe2\x80\x99s SSN. Our observations seem to confirm this\nbelief. We observed the issuance of 72 SSN Printouts and learned that the\nnumberholders requested the document for various reasons, as detailed in Table 4.\n\n              TABLE 4: Reasons Why SSN Printouts Were Requested\n\n                                                              SSN\n          Reason For SSN Printout Requests                                Percent\n                                                            Printouts\n Employer                                                      24           33.3\n State Department of Motor Vehicles                            16           22.2\n State Social Service Agencies                                 12           16.7\n Other Third Parties (such as tax preparers)                   15           20.8\n Personal Use                                                   5            7.0\n                                                   Total       72           100\n\nAs confirmed by our observations, field office managers with whom we spoke stated\nthat employers and State Departments of Motor Vehicles (DMV) are the third parties\nthat most frequently ask numberholders to obtain SSN Printouts. DMVs and employers\nknow the SSN Printout provides a fast and reliable method for verifying an SSN and\nrequires little effort on their part. In some cases, it appears these entities prefer the\nSSN Printout over SSN verification services offered by SSA. In fact, most State DMVs\nalready use the Social Security On-Line Verification (SSOLV) service, which compares\nan individual\xe2\x80\x99s name and SSN with SSA data\xe2\x80\x94and provides real-time feedback.\nTable 5 details some of the SSN verification services SSA provides to employers,\nDMVs and, in some instances, State agencies.\n\x0cPage 10 - The Commissioner\n\n\n                   Table 5: Some of SSA\xe2\x80\x99s SSN Verification Services\n\n        Service                Users                      Method of Verification\n                             Employers         Telephone, fax, written request via mail, or\n       Employee\n                             and State         magnetic tape. Employer must register with\n      Verification\n                               Benefit         SSA when requests exceed 50 SSNs or\n        Service                                magnetic tape is used.\n                              Agencies\n     Social Security                           On-line verification only. Employer must\n        Number                                 register with SSA to obtain an activation\n                             Employers         code, personal identification number and\n      Verification\n        Service                                password\n                                               On-line verification. Employer must register\n                                               for program with the Department of\n                                               Homeland Security. E-Verify also provides\n        E-Verify             Employers\n                                               information to the employer regarding the\n                                               employee\xe2\x80\x99s work authorization status in the\n                                               United States.\n                                               On-line only. Users enter SSNs to be\n        SSOLV               State DMVs\n                                               verified on SSA website.\n\nAlthough SSA\xe2\x80\x99s overall position is that the Social Security card is the only official paper\nverification of the SSN, in practicality the SSN Printout is used for just this purpose. In\nfact, SSA policies and procedures state that the SSN Printout can be used for SSN\nverification purposes. 11 Further, the document includes the language \xe2\x80\x9cSocial Security\nNumber Verification\xe2\x80\x9d and \xe2\x80\x9cOur Records Indicate that the Social Security Number\n(000-00-000) is Assigned to (numberholder name).\xe2\x80\x9d Accordingly, there appears to be\ncontradictory policy regarding the purposes and value of the SSN Printout in SSA\xe2\x80\x99s own\nguidelines. Until such time as SSA clarifies its policies and, perhaps revises the\nlanguage on the SSN Printout, we believe third parties will continue to rely on this\ndocument as official verification of an individual\xe2\x80\x99s SSN.\n\nAdditionally, to address the increased demand for these documents by third parties, we\nbelieve SSA should undertake an aggressive outreach program that informs employers\nof the ease and usefulness of SSN verification services. This outreach should extend\nto State DMVs, which should be encouraged to verify SSNs through SSA\xe2\x80\x99s on-line\nservices rather than the SSN Printout.\n\n\n\n\n11\n  POMS GN 03325.025 B.1. \xe2\x80\x9cUse the SSN Verification Printout, available through the Numident Query\nscreen for all requests for SSN verification.\xe2\x80\x9d\n\x0cPage 11 - The Commissioner\n\n\nCONCLUSION AND RECOMMENDATIONS\nBecause the SSN Printout contains sensitive personally identifiable information about\nnumberholders and could be misused, we believe SSA\xe2\x80\x99s policies and procedures for\nthe issuance of these documents should be strengthened. Specifically, SSA should\nrequire that individuals who request SSN Printouts provide the same identity documents\nrequired for replacement Social Security card applications. Further, SSA should\nestablish an acceptable number of SSN Printouts an individual may obtain in a day,\nyear or lifetime and require management approval for requests exceeding that number.\n\nWe also believe SSA should consider developing a system similar to the SS-5 Assistant\n(or its successor) to provide an application process for SSN Printouts so (1) a record of\nthe applicant\xe2\x80\x99s identity document(s) is recorded and maintained and (2) SSA can be\nassured that personnel follow all policy requirements for issuing the printout. We also\nbelieve SSA should provide better management information to those responsible for\nthis workload. Finally, given the increased demand for SSN Printouts by third parties,\nwe believe SSA should undertake an extensive outreach program to better inform these\nentities of the ease and usefulness of already established SSN verification services.\n\nWe recommend SSA:\n\n1. Revise the applicable Federal regulation and SSA policies governing individuals\xe2\x80\x99\n   right to access their personal information maintained in the Agency\xe2\x80\x99s system of\n   records. Specifically, we believe these individuals should be required to present the\n   same type of identity documents as replacement Social Security card applicants.\n\n2. Establish an acceptable number of SSN Printouts an individual may obtain in a day,\n   year or lifetime, and require specific management approval for requests exceeding\n   that number.\n\n3. Establish procedures to perform routine integrity reviews of anomalies involving the\n   issuance of SSN Printouts. Any cases involving potential SSN misuse should be\n   referred to the Office of the Inspector General.\n\n4. Consider developing a system or application similar to the SS-5 Assistant to\n   document and track actions taken to issue an SSN Printout.\n\n5. Develop and disseminate management information for the SSN Printout workload to\n   responsible SSA personnel. At a minimum, the information should enable\n   managers to identify anomalies in the number of SSN Printouts issued by field\n   offices and to numberholders.\n\n6. Clarify SSA policies and the SSN Printout language to consistently communicate the\n   Agency\xe2\x80\x99s official position as to whether the document is valid for SSN verification\n   purposes.\n\x0cPage 12 - The Commissioner\n\n\n7. Extend outreach to employers, DMVs and other third parties in areas where the\n   demand for SSN Printouts is high to raise the awareness that SSA offers verification\n   services.\n\n8. Issue a reminder to field office staff that SSN Printouts should only be issued when\n   the numberholder expresses an immediate need for a verification of the SSN.\n\nAGENCY COMMENTS\n\nSSA agreed with Recommendations 4, 6 and 7, and partially agreed with\nRecommendations 1, 2, 3 and 5. SSA disagreed with Recommendation 8. A summary\nof the Agency\xe2\x80\x99s responses for Recommendations 1, 2, 3, 5 and 8 follows. See\nAppendix H for the full text of SSA\xe2\x80\x99s comments.\n\nRegarding Recommendation 1, which suggested that individuals requesting SSN\nprintouts should be required to present the same type of identity documents as those\napplying for replacement Social Security cards and that the Federal Regulation should\nbe revised to reflect these revised requirements. In its response, SSA states that its\ncurrent policies for verifying identity are sufficient and provide individuals access to their\nrecords as required by the Privacy Act guidelines. However, the Agency acknowledged\nthe risk of identity theft associated with disclosing the SSN. Accordingly, SSA stated it\nwill evaluate the effectiveness of improved controls planned for FY 2008 and assess\ncurrent regulatory requirements to determine whether any regulatory changes are\nneeded to increase identity requirements for issuing SSN Printouts.\n\nSSA partially agreed with Recommendation 2, in which we suggested the Agency\nshould establish an acceptable number of SSN Printouts an individual may obtain in a\nday, year or lifetime and require specific management approval for requests exceeding\nthose numbers. The Agency cited the Privacy Act\xe2\x80\x94stating that the Act establishes an\nindividual\xe2\x80\x99s right of access to records maintained by Federal agencies without limiting\nthe number of times those records can be requested. However, in its response, SSA\nacknowledged the need to balance the responsibility for protecting SSNs with the\nobligation of providing individuals access to personal information. Accordingly, SSA\nagreed to assess how limiting the number of SSN Printouts individuals can obtain\nimpacts their Privacy Act rights.\n\nSSA partially agreed with Recommendation 3, which suggested that it perform routine\nintegrity reviews of anomalies involving the issuance of SSN printouts. SSA stated that\nthis action will be completed through the new Web-based Comprehensive Integrity\nReview Process (CIRP), which is scheduled for implementation in FY 2008. As such,\nthe Agency will not establish special procedures to review SSN Printout anomalies.\n\nSSA partially agreed with Recommendation 5, in which we suggested the Agency\ndevelop and disseminate information for the SSN Printout workload to responsible SSA\npersonnel. Again, the Agency stated that the new version of CIRP will make certain\n\x0cPage 13 - The Commissioner\n\n\nSSN Printout information available to managers. However, the Agency stated that it did\nnot believe multiple printouts alone are indicators of possible fraud, abuse or misuse.\n\nFinally, the Agency disagreed with Recommendation 8 in which we suggested SSA\nissue a reminder to field office staff that SSN Printouts should only be issued when the\nnumberholder expresses an immediate need for a verification of the SSN. SSA stated\nthat current policy does not dictate that the numberholder express an \xe2\x80\x9cimmediate need\xe2\x80\x9d\nfor this information. Once again, the Agency cited Privacy Act provisions, which protect\nan individual\xe2\x80\x99s right to access his or her record. Additionally, the Agency stated the\nOffice of Management and Budget\xe2\x80\x99s (OMB) Privacy Act guidelines indicate that the\ngranting of access may not be conditioned upon any requirement to state a reason or\notherwise justify the need to gain access to a particular record.\n\nOIG RESPONSE\nWhile we agree with and respect individuals\xe2\x80\x99 rights to access records Federal agencies\nmaintain about them, we believe SSA and other Federal agencies have an equally\nparamount responsibility to protect the information they house on individuals. In fact,\nOMB recently issued a memorandum to the heads of Federal departments and\nagencies on how to best safeguard personally identifiable information. In general, the\nmemorandum requires Federal agencies to implement additional controls to safeguard\nthis data. We understand the Privacy Act guidelines are designed to ensure individuals\nare not unduly burdened when seeking information about themselves from Federal\nagencies\xe2\x80\x94and it is not our intent to place unreasonable restrictions on this process.\nHowever, we believe SSA should consider the need for legally permissible revisions in\nits implementation of the Privacy Act and other governing guidance in light of the\nunprecedented growth in identity-related crimes and the obligation of Federal agencies\nto protect personally identifiable information, such as information contained on SSN\nPrintouts.\n\nAs the issuer and keeper of hundreds of millions of SSNs and related records, we\nbelieve SSA should be the standard-bearer in establishing controls that protect this\ninformation. Currently, we do not believe the Agency\xe2\x80\x99s controls over SSN Printout\nissuance provide sufficient protection of this personal information. Specifically, we are\nconcerned that SSA\xe2\x80\x99s procedures do not always ensure the person obtaining the SSN\nPrintout is the numberholder. In its response to our recommendations, SSA indicated it\nwill further evaluate the need to strengthen controls over the SSN Printout workload and\ndetermine whether changes to privacy related regulations are needed.\n\nWe are encouraged SSA is working to improve the integrity of the SSN. However, SSA\nonly partially agreed with four of our recommendations and disagreed with one. Our\nconcerns with SSA\xe2\x80\x99s response to these five recommendations are discussed below.\n\nRegarding Recommendation 1, we are pleased that SSA plans to evaluate possible\nregulatory changes to strengthen the identity requirements for SSN Printouts. In FY\n2006, SSA issued over 6 million SSN Printouts, which contained the same personally\n\x0cPage 14 - The Commissioner\n\n\nidentifiable information as Social Security cards. The OIG certainly understands and\nfully respects the importance of the Privacy Act. However, given the number of SSN\nPrintouts issued in FY 2006 and the risk associated with disclosing an SSN, we do not\nbelieve it is unduly burdensome to require that an individual provide the same type of\nidentity documents to obtain an SSN printout as is required for a replacement Social\nSecurity card.\n\nAs to Recommendation 2, we are encouraged that SSA is going to consider how\nlimiting the number of SSN printouts an individual can obtain impacts their right to\ninformation under the Privacy Act. We acknowledge that the Agency found no fraud or\nabuse in the cases it reviewed in which individuals obtained 10 or more SSN Printouts\nin FY 2006. However, the absence of fraud should not dissuade the Agency from\naddressing known vulnerabilities. We believe the potential an individual could\nimproperly obtain an SSN Printout and use it to assume the true numberholder\xe2\x80\x99s\nidentity should be sufficient incentive for the Agency to implement our\nrecommendation\xe2\x80\x94especially given that it issues millions of these documents every\nyear.\n\nRegarding Recommendations 3 and 5, we are pleased that CIRP will provide additional\ninformation to managers regarding the SSN Printout workload. However, we\nunderstand that this information will be limited. That is, CIRP will identify SSN Printouts\nissued, but regional or field office managers will have to download the information and\nperform their own analyses to identify trends such as an individual obtaining multiple\nPrintouts in a given time period\xe2\x80\x94especially, if they obtain these printouts at various\nfield offices. Additionally, we understand that no aggregate figures will be provided to\nfield office or regional managers showing the total number of SSN Printouts issued by\ntheir office(s) each month (or year). Rather, the managers will have to ascertain (or\ncalculate) these figures from the CIRP reports. We believe such information would\nassist managers in identifying trends such as offices issuing an exceptionally high\nnumber of Printouts. Accordingly, we encourage SSA to consider developing and\ndisseminating additional management information, which the managers do not have to\nanalyze and calculate themselves.\n\nFinally, with regard to Recommendation 8, we acknowledge that SSA policy does not\nspecifically require that the individual who requests an SSN Printout cite an \xe2\x80\x9cimmediate\nneed\xe2\x80\x9d for SSN verification before the document is provided. Nevertheless, the policy\ndoes state that SSN Printouts should only be provided when expressly requested by the\nnumberholder. Additionally, the policy requires that SSA personnel explain that the\nSocial Security card is the official verification of an individual\'s SSN and encourage\n\x0cPage 15 - The Commissioner\n\n\nrequestors to apply for a replacement Social Security card, if necessary. Our intent was\nfor SSA to remind field office personnel that they should not offer every applicant for a\nreplacement Social Security card an SSN Printout nor should they provide the SSN\nPrintout as a form of receipt after an SSN application is processed. Based on the large\nvolume of SSN Printouts issued by some offices, we believe some form of reminder or\ntraining is warranted to reiterate the circumstances under which these documents\nshould be offered and provided.\n\n\n\n\n                                               Patrick P. O\xe2\x80\x99Carroll, Jr.\n\x0c                                      Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\nAPPENDIX B \xe2\x80\x93 Example of a Social Security Number Verification Printout\nAPPENDIX C \xe2\x80\x93 Social Security Number Verification Printouts by Region\nAPPENDIX D \xe2\x80\x93 Background\nAPPENDIX E \xe2\x80\x93 Scope and Methodology\nAPPENDIX F \xe2\x80\x93 The SS-5 Assistant\nAPPENDIX G \xe2\x80\x93 Twenty-five Field Offices That Issued the Most Social Security Number\n             Verification Printouts\nAPPENDIX H \xe2\x80\x93 Agency Comments\nAPPENDIX I \xe2\x80\x93 OIG Contacts and Staff Acknowledgments\n\x0c                                                                Appendix A\n\nAcronyms\nATS            Audit Trail System\nC.F.R.         Code of Federal Regulations\nCIRP           Comprehensive Integrity Review Process\nDMV            Department of Motor Vehicles\nEEVS           Employment Eligibility Verification System\nEVS            Employee Verification Service\nFY             Fiscal Year\nIRTPA          Intelligence Reform and Terrorism Prevention Act of 2004\nOMB            Office of Management and Budget\nPOMS           Program Operations Manual System\nSSA            Social Security Administration\nSSN            Social Security Number\nSSN Printout   SSN Verification Printout\nSSNAP          Social Security Number Application Process\nSSOLV          Social Security On-Line Verification\n\n\nForms\nSS-5           Application for a Social Security Card\nSSA-795        Statement of Claimant or Other Person\n\x0c                                                           Appendix B\n\nExample of a Social Security Number\nVerification Printout\nNUMI   DTE: 01/10/07   SSN: 000-00-0000 XC:   UNIT: OIG   PG: 001\n\n\n                SOCIAL SECURITY ADMINISTRATION\n             SOCIAL SECURITY NUMBER VERIFICATION\n\nOUR RECORDS INDICATE THAT SOCIAL SECURITY NUMBER 000-00-0000 IS\nASSIGNED TO JOHN, DOE, JR.\n\nYOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION OF YOUR\nSOCIAL SECURITY NUMBER. THIS PRINTOUT DOES NOT VERIFY YOUR RIGHT\nTO WORK IN THE UNITED STATES. PROTECT YOUR SOCIAL SECURITY\nNUMBER FROM FRAUD AND IDENTITY THEFT. BE CAREFUL WHO YOU SHARE\nYOUR NUMBER WITH.\n\x0c                                                               Appendix C\n\nSocial Security Number Verification Printouts by Region\n                            SSN                                      SSN\nRegion      State         Printouts\n                                      Region         State         Printouts\n         Massachusetts       73,084             Texas                 735,684\n         Connecticut         17,690             Louisiana             189,933\n         Rhode Island        17,353             Arkansas               68,500\n  1      New Hampshire       10,915     6       Oklahoma               49,371\n         Maine                8,615             New Mexico             45,395\n         Vermont              5,884                       Total     1,088,883\n         Total              133,541\n         New York           186,539             Missouri             191,212\n         New Jersey         115,890             Kansas                49,484\n  2      Puerto Rico         55,144     7       Iowa                   9,578\n         Virgin Islands       1,973             Nebraska               7,574\n         Total              359,546                        Total     257,848\n         Pennsylvania       196,976             Colorado              68,436\n         Virginia            96,894             Utah                  27,180\n         Maryland            53,675             Montana               11,984\n         District of\n  3      Columbia\n                             43,574     8       South Dakota            5,337\n         Delaware            19,165             North Dakota            4,878\n         West Virginia       19,093             Wyoming                 4,790\n         Total              429,377                        Total      122,605\n         Florida            441,299             California            655,336\n         Georgia            249,903             Arizona               105,737\n         North Carolina     211,811             Nevada                 84,400\n         Alabama            164,393             Hawaii                 17,565\n         Tennessee          148,249\n                                         9      American Soma           4,230\n  4\n         South Carolina     126,858             Guam                    3,070\n         Mississippi        123,112             Saipan                    873\n         Kentucky           106,758                        Total      871,211\n         Total            1,572,383             Washington             77,577\n         Ohio               520,398             Oregon                 29,433\n         Illinois           329,399     10      Alaska                 13,112\n         Indiana            200,642             Idaho                   9,869\n  5      Michigan           189,588                        Total      129,991\n         Wisconsin           94,683            Total of Regions     6,328,824\n         Minnesota           28,729     Other SSA Components            7,926\n         Total            1,363,439        Total SSN Printouts      6,336,750\n\x0c                                                                                     Appendix D\n\nBackground\nIn compliance with both the Privacy Act of 1974 and the Social Security Act, 1 the Social\nSecurity Administration\xe2\x80\x99s (SSA) information disclosure policy dictates that it will protect\nthe privacy of individuals to the fullest extent possible, while also permitting the\nexchange of information needed to fulfill its administrative and program responsibilities.\nNotwithstanding some exceptions, Federal law gives individuals the right to access\ninformation about themselves that are in SSA\xe2\x80\x99s systems of records.\n\nGenerally, individuals have access to records maintained by a Federal agency that are\nretrievable by name, Social Security number (SSN), or other personal identifier. 2 Some\nof the most frequently requested SSN-related records include the original Application\nfor a Social Security Card (Form SS-5) and the Numident. The Numident is an\nelectronic record of the information contained on an individual\xe2\x80\x99s original application for\nan SSN and subsequent applications for replacement cards. To obtain a Numident, an\nindividual must send a written request to SSA\xe2\x80\x99s Central Office and pay a $16 fee.\nWHAT IS AN SSN VERIFICATION PRINTOUT?\nNumidents contain a significant amount of personally identifiable information about the\nnumberholder (for example, name, SSN, date of birth, place of birth, and parents\xe2\x80\x99\nnames). Because SSA was concerned with potential identity theft that could occur if a\nNumident were obtained by someone with ill intent, in January 2002, SSA began\nissuing the SSN Printout, which contains the numberholder\xe2\x80\x99s name and SSN. See\nAppendix B for a sample SSN Printout. Although not shown on the example, SSA field\noffices are required to mark the printouts with a stamp indicating which office issued the\ndocument. Additionally, personnel approving the request for an SSN Printout must sign\nthe form before providing it to the requestor.\n\nSSA\xe2\x80\x99s Program Operations Manual System (POMS) states, \xe2\x80\x9cThe Numident and the\nSSN Verification Printout are NOT official verifications of an SSN.\xe2\x80\x9d 3 Additionally, the\nSSN printout states,\n               YOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION\n               OF YOUR SOCIAL SECURITY NUMBER. THIS PRINTOUT DOES\n               NOT VERIFY YOUR RIGHT TO WORK IN THE UNITED STATES.\n               PROTECT YOUR SOCIAL SECURITY NUMBER FROM FRAUD AND\n               IDENTITY THEFT. BE CAREFUL WHO YOU SHARE YOUR NUMBER\n               WITH.\n\n\n1\n    Privacy Act of 1974, 5 U.S.C. \xc2\xa7 552a and the Social Security Act, \xc2\xa7 1106, 42 U.S.C. \xc2\xa7 1306.\n2\n    20 Code of Federal Regulations (C.F.R.) \xc2\xa7 401.20 (a).\n3\n    POMS RM 00202.320 B.3.\n\n\n                                                     D-1\n\x0cUnlike the Social Security card, the SSN Printout contains no significant security\nfeatures other than the field office stamp and employee signature.\n\nIn Fiscal Year (FY) 2006, SSA offices issued about 6.3 million SSN Printouts. See\nAppendix C for the distribution of SSN Printouts issued by SSA Regions. The number\nof SSN Printouts has significantly increased from FY 2003, the first full year when SSA\nissued them. In FY 2003, SSA issued about 4.6 million, by 2006 the number of SSN\nPrintouts increased by about 1.7 million or 37 percent.\n\nWHY DO INDIVIDUALS REQUEST SSN PRINTOUTS?\n\nSSN numberholders and third parties request SSN Printouts for a number of reasons\xe2\x80\x94\nand, as more entities and numberholders become aware of these documents, the\ndemand for them appears to increase. The following are among the reasons we\nlearned SSN Printouts are issued.\n\n\xe2\x80\xa2   Applicants for replacement Social Security cards do not want to wait the\n    approximate 10 days required to receive the new card in the mail. Rather, they\n    request proof of their SSNs immediately\xe2\x80\x94often to provide it to a third party.\n\n\xe2\x80\xa2   Some third parties, such as State Departments of Motor Vehicles (DMV), employers,\n    tax preparers, and benefit agencies, require proof of an individual\xe2\x80\x99s SSN before\n    providing the applicable service or employment. We learned that some of these\n    entities know SSA field offices will issue the SSN Printouts immediately and\n    encourage numberholders to obtain them. Despite the existence of other SSN\n    verification services (for example, SSA\xe2\x80\x99s Employee Verification Service for\n    Registered Employers, the SSN Verification Service and the Social Security On-Line\n    Verification program provided to DMVs), we learned that some third parties prefer\n    the stamped SSN Printout for verification of a numberholder\xe2\x80\x99s SSN.\n\n\xe2\x80\xa2   Based on our audit, it appears that some numberholder\xe2\x80\x99s do not request SSN\n    Printouts but are offered them by field offices. Some SSA offices routinely ask most\n    replacement Social Security card applicants whether they would like an SSN\n    Printout and, when prompted, many of the numberholders respond affirmatively.\n    While this practice seems to be the exception rather than the norm, it does provide\n    some perspective regarding the disparity between the large number of SSN\n    Printouts some SSA field offices issue versus the much smaller number that the\n    majority of the SSA offices issue.\n\n\n\n\n                                           D-2\n\x0cHOW DO NUMBERHOLDERS OBTAIN AN SSN PRINTOUT?\n\nNumberholders may obtain SSN Printouts by (1) visiting their local SSA field office,\n(2) mailing a written request or (3) calling SSA. In each situation, the numberholder\nmust prove his/her identity. Table 1 details SSA\xe2\x80\x99s policy regarding how a numberholder\nmust prove his/her identity when requesting an SSN printout. 4\n\n                     TABLE 1: How Numberholders Prove Their Identity\n\n    SSN Printout is Requested at a Field Office\n    Numberholder should provide a driver\xe2\x80\x99s license, credit card, passport, or another\n    identification document that a person might normally carry.\n\n    If the numberholder has no identification, the individual should sign a statement that\n    certifies their identity.\n\n    SSN Printout is Requested by Mail\n    Numberholder should send a written request that provides his/her name, address and\n    SSN; along with a notarized statement of identity.\n\n    SSN Printout is Requested by Telephone\n    Numberholder should provide his/her name, SSN, address, date of birth, place of birth,\n    and at least one other item of information available in SSA\xe2\x80\x99s records.\n\nBefore issuing an SSN Printout, field office staff is required to explain to the\nnumberholder that the Social Security card, not the SSN Printout, is the only official\nverification of the SSN. 5 In addition, if field office staff knows the applicant\xe2\x80\x99s SSN card\nwas lost, staff should encourage the numberholder to complete a replacement card\napplication. However, if the numberholder wants only the SSN Printout, the office must\nissue it, provided the individual\xe2\x80\x99s identity can be established. 6 To issue the printout,\nSSA employees need only query SSA\xe2\x80\x99s Numident file with the applicant\xe2\x80\x99s SSN, and\nselect \xe2\x80\x9cYes\xe2\x80\x9d at the system prompt asking whether an SSN Printout is desired.\n\n\n\n\n4\n    POMS GN.03340.015 B.1 through B.3.\n5\n    POMS RM 00202.320 E.1.\n6\n    Id.\n\n\n                                                  D-3\n\x0c                                                                       Appendix E\n\nScope and Methodology\nTo accomplish our objective, we performed the following steps.\n\n\xe2\x80\xa2   Reviewed pertinent sections of Federal laws, regulations and the Social Security\n    Administration\xe2\x80\x99s (SSA) policies and procedures.\n\n\xe2\x80\xa2   Reviewed Office of the Inspector General reports and other relevant documents.\n\n\xe2\x80\xa2   Obtained a data extract from SSA\xe2\x80\x99s Audit Trail System (ATS) that contained\n    detailed information on all SSN Verification Printouts (SSN Printouts) issued in\n    Fiscal Year (FY) 2006.\n\n\xe2\x80\xa2   Analyzed the ATS data to determine the\n    \xef\x83\x98 total SSN Printouts issued,\n    \xef\x83\x98 total numberholders who received an SSN Printout,\n    \xef\x83\x98 distribution of SSN Printouts by SSA field office and region,\n    \xef\x83\x98 25 field offices that issued the most SSN Printouts, and\n    \xef\x83\x98 total SSN Printouts received by SSN \xe2\x80\x93 in a day and year.\n\n\xe2\x80\xa2   Interviewed officials from 42 SSA field offices (including the 25 that issued the most\n    SSN Printouts in FY 2006), 4 district offices and 4 regional offices to determine\n    (1) their procedures for issuing SSN Printouts and (2) whether they received any\n    management information regarding the SSN Printout workload.\n\n\xe2\x80\xa2   Visited 21 of the 42 field offices we interviewed to observe their procedures for\n    processing SSN Printouts. In total, we observed SSA personnel issuing 72 SSN\n    Printouts. The SSN Printouts observed were not randomly selected.\n\n\xe2\x80\xa2   Interviewed representatives from SSA components involved in the development\n    and implementation of SSN Printout regulations and policies. These components\n    included the Offices of Operations, Income and Security Programs, Systems and\n    General Counsel.\n\nOur review of internal controls was limited to obtaining an understanding of SSA\xe2\x80\x99s\nprocedures and controls for issuing SSN Printouts. For our analysis, we generally\nrelied upon data from SSA\xe2\x80\x99s ATS. We determined that this data was sufficiently\nreliable to satisfy our audit objectives. The SSA entities audited were the Offices of\nOperations, Income and Security Programs, and General Counsel. We conducted the\n\n\n                                           E-1\n\x0caudit between November 2006 through May 2007 in Atlanta, Georgia, and Baltimore\nMaryland. We conducted this performance audit in accordance with generally accepted\ngovernment auditing standards. Those standards require that we plan and perform the\naudit to obtain sufficient, appropriate evidence to provide a reasonable basis for our\nfindings and conclusions based on our audit objectives. We believe the evidence\nobtained provides a reasonable basis for our findings and conclusions based on our\naudit objectives.\n\n\n\n\n                                         E-2\n\x0c                                                                 Appendix F\n\nThe SS-5 Assistant\nIn March 2005, the Social Security Administration (SSA) began requiring that its field\noffices use the SS-5 Assistant to process most Social Security number (SSN)\napplications. The purpose of the SS-5 Assistant was to increase the controls over the\nSSN application process and improve the quality of data used to assign SSNs. The\nSS-5 Assistant, a Microsoft Access-based application, guides field office personnel in\nprocessing SSN applications by providing structured interview questions and requiring\ncertain identity data to complete the application process.\n\nWhen field office staff process a replacement card application through the\nSS-5 Assistant, a record of the applicant\xe2\x80\x99s identity document(s) is established. For\nexample, field office staff record in the SS-5 Assistant the type of document presented\n(for example, a driver\xe2\x80\x99s license), the document\xe2\x80\x99s identification number, and other\npertinent information. Also, when the application is cleared for processing, the\nSS-5 Assistant updates the Modernized Enumeration System (MES) to reflect the SSN\ncard action. In contrast, when field office staff completes a Social Security Number\nVerification Printout (SSN Printout) action, only a print function within the Numident\nquery is executed. As a result, no record of the identity documents is established and\nno record is established on the Numident that a printout was issued.\n\nAt the time of our audit, field offices processed most replacement card applications\nthrough the SS-5 assistant. However, no path was available within the SS-5 assistant\nto document whether an SSN Printout was issued in conjunction with a successful\nreplacement card application. If such a path was available, field office personnel\xe2\x80\x99s\nresponse to a query could also be structured to print an SSN Printout when requested\nby the numberholder. Because a majority (about 73 percent) of the SSN Printouts are\nissued in conjunction with replacement card applications, this modified path within the\nSS-5 Assistant would increase the controls over most SSN Printouts.\n\nThe SS-5 Assistant would have to be further modified to account for situations where\nindividuals obtain an SSN Printout absent a replacement card application. The\nSS-5 Assistant would need a path for tracking the identity document(s) presented by\nthe numberholder.\n\nSSA is in the Planning and Analysis phase of developing the Social Security Number\nApplication Process (SSNAP), an automated SSN assignment system that will replace\nthe SS-5 Assistant and MES. The Agency is determining the user requirements for\nSSNAP and plans to implement this system within the next 2 years. Accordingly, any\nrecommendations we make in this report will address considerations we believe should\nbe given to the new system design.\n\x0c                                                              Appendix G\n\nTwenty-five Field Offices That Issued the Most\nSocial Security Number Verification Printouts\n                                   Social Security                  Percent of\n                  Field               Number         Replacement   Printouts to\n                 Office              Printouts          Cards      Replacement\n               Location                Issued          Issued         Cards\n1    Las Vegas, Nevada                 55,475          74,840          74.1\n2    Dallas (North), Texas             41,396          41,061         100.8\n3    San Antonio, Texas                38,308          29,261         130.9\n4    Houston (Southwest), Texas        35,707          41,282          86.5\n5    Cincinnati (Downtown), Ohio       35,133          21,954         160.0\n6    Grand Prairie, Texas              31,546          32,670          96.6\n7    Columbus, Ohio                    30,427          19,562         155.5\n8    Houston (Southeast), Texas        29,761          26,799         111.1\n9    Brooklyn, New York                26,404          78,973          33.4\n10   Dallas (Fair Park), Texas         25,967          19,151         135.6\n11   Fort Worth, Texas                 25,407          30,582          83.1\n12   Pasadena, Texas                   25,373          27,420          92.5\n13   Reno, Texas                       25,241          27,641          91.3\n14   El Paso, Texas                    24,855          23,762         104.6\n15   Mesa, Arizona                     23,781          37,730          63.0\n16   Balch Spring, Texas               22,467          21,651         103.8\n17   Houston (Northeast), Texas        22,360          26,910          83.1\n18   Nashville, Tennessee              22,278          23,869          93.3\n19   Birmingham, Alabama               22,062          23,638          93.3\n20   Terrytown, Louisiana              21,886          19,974         109.6\n21   Albuquerque, New Mexico           21,847          37,800          57.8\n22   Baton Rouge, Louisiana            21,376          23,538          90.8\n23   Cincinnati (North), Ohio          21,375          19,983         107.0\n24   Jackson, Mississippi              21,312          23,631          90.2\n25   Melbourne, Florida                21,254          20,579         103.3\n\x0c                  Appendix H\n\nAgency Comments\n\x0c                                           SOCIAL SECURITY\nMEMORANDUM\n\nDate:      October 25, 2007                                                          Refer To:   S1J-3\n\nTo:        James A. Kissko\n           Deputy Inspector General\n\nFrom:      David V. Foster      /s/ (David Rust for David Foster)\n           Chief of Staff\n\nSubject:   Revised Comments on the Office of the Inspector General (OIG) Draft Report, "Controls for\n           Issuing Social Security Number Verification Printouts" (A-04-07-27112)--INFORMATION\n\n           Thank you for the opportunity to review and revise our comments on the draft report. As noted\n           in our initial comments, we agree that it is important to protect the integrity of the Social Security\n           number (SSN) and the enumeration process while at the same time ensuring that people have\n           appropriate access to information that would be necessary to gain employment and other services\n           where the SSN is deemed essential.\n\n           For recommendations 1 and 2, we have considered your concerns and revised our response from\n           disagree to partially agree. We continue to believe that what OIG is recommending is\n           inconsistent with applicable Privacy Act and Personally Identifiable Information disclosure\n           policies. However, we acknowledge the threat of identity theft, and agree to evaluate the\n           effectiveness of improved controls to be implemented and will evaluate the current regulatory\n           requirements to determine what additional regulatory or non-regulatory measures may be used to\n           make disclosure of SSN printouts less vulnerable while ensuring that individuals\xe2\x80\x99 Privacy Act\n           rights are not violated.\n\n           For recommendation 4, we revised the response to agree that it is important to track actions taken\n           to issue an SSN Printout. We reaffirm our initial comments that stated: 1) we currently have\n           systems in place to obtain that data through the Audit Trail System; 2) by late fiscal year 2008\n           these actions will be captured through the Web based CIRP which will track both Numidents and\n           NUMI Lites (SSN Printouts); and 3) the Integrity Review Handbook contains instructions on the\n           review and certification of potential fraud or abuse cases. Our POMS GN 04100 contains\n           additional procedures for referral of cases to OIG.\n\n           Please let me know if we can be of further assistance. Staff inquiries may be directed to\n           Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at extension\n           (410) 965-4636.\n\n           Attachment:\n           Revised SSA Comments\n\n\n                                                            H-1\n\x0cREVISED COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG)\nDRAFT REPORT, "CONTROLS FOR ISSUING SOCIAL SECURITY NUMBER\nVERIFICATION PRINTOUTS" (A-04-07-27112)\n\nThank you for the opportunity to review and comment on the draft report. We agree that it is\nimportant to protect the integrity of the Social Security number (SSN) and the enumeration\nprocess while at the same time ensuring that people have appropriate access to information that\nwould be necessary to gain employment and other services where the SSN is deemed essential.\nWe also agree that there should be controls in place to ensure that the SSN Verification Printouts\n(SSN Printout) are not misused. However, any such procedures must comply with SSA\xe2\x80\x99s, the\nOffice of Management and Budget\xe2\x80\x99s (OMB) and other applicable Privacy Act and disclosure\nguidelines. The procedures must also provide flexibility for individuals who need immediate\nSSN documentation, but cannot provide the required evidentiary documents due to circumstances\nbeyond their control (i.e., victims of natural and unnatural disasters). Specific examples of\nsituations where we have experienced a large number of requests include displaced individuals as\na result of Hurricane Katrina and the September 11, 2001 terrorist attacks.\n\nOur responses to the specific recommendations are provided below.\n\nRecommendation 1\n\nRevise applicable Federal regulation and SSA policy governing individuals\xe2\x80\x99 right to access their\npersonal information maintained in the Agency\xe2\x80\x99s system of records. Specifically, we believe\nthese individuals should be required to present the same type of identity documents as\nreplacement Social Security card applicants.\n\nResponse\n\nWe partially agree. We believe that the applicable regulation (20 CFR 401.45) and policies for\nverifying identity are sufficient and establish requirements consistent with OMB Privacy Act\nGuidelines for providing individuals access to their records. These guidelines indicate that\nidentity requirements should be kept to a minimum and ensure an individual is not granted\nimproper access to records pertaining to another person. The guidelines also state that identity\nrequirements should not unduly impede the individual\xe2\x80\x99s right to access. Imposing additional\nrequirements for establishing identity may hinder the individual\xe2\x80\x99s legitimate right of access to\nhis/her records and create an unnecessary workload for employees who receive these requests.\nNevertheless, we acknowledge the threat of identity theft, and agree to evaluate the effectiveness\nof improved controls to be implemented and will evaluate the current regulatory requirements to\ndetermine what additional regulatory or non-regulatory measures may be used to make disclosure\nof SSN printouts less vulnerable while ensuring that individuals\xe2\x80\x99 Privacy Act rights are not\nviolated.\n\nCurrent Program and Operations Manual System (POMS) instructions are very clear regarding\nthe purpose of the SSN card compared to the SSN Printout. While the documents needed for\nidentity purposes are not as stringent for an SSN Printout, the Numident does contain special\nindicator codes alerting personnel to verify identity. These special indicator codes may also\n\n                                               H-2\n\x0cprevent an SSN Printout from printing. Refer to RM 00202.320.F. Procedure \xe2\x80\x93 SSN Verification\nPrintout Request Generates Alert.\n\nRecommendation 2\n\nEstablish an acceptable number of SSN Printouts an individual may obtain in a day, year or\nlifetime, and require specific management approval for requests exceeding that number.\n\nResponse\n\nWe partially agree. The Privacy Act establishes an individual\xe2\x80\x99s right of access to records\nmaintained by Federal agencies without limiting the number of times those records can be\nrequested. An SSN Printout is a record of an individual held by the Agency, and the Privacy Act\nand OMB Privacy Act guidelines do not limit access to such information. Additionally, the\nAgency\xe2\x80\x99s efforts to establish a limited number of times an individual may request SSN Printouts\nmay be arbitrary in nature and may have a negative effect on his/her legitimate right of access to\nthis information. Nevertheless, we acknowledge the need to balance responsibility for protecting\nSSNs with the obligation of providing individuals access to personal information in SSA\xe2\x80\x99s\npossession. Thus, we will assess the impact of limiting the number of SSN Printouts individuals\nmay request on their Privacy Act rights.\n\nWe also have considerable concerns regarding the resources that would be necessary to\nimplement the restrictions in this recommendation, since no misuse cases have been identified as\na result of the generation of multiple printouts. As part of our efforts to prevent abuse or misuse\nof SSN Printouts, current POMS RM 00202.320.C.2 states, "In general, you should issue no\nmore than one verification printout to a requestor at the same interview/same day." However,\nthe policy as written allows the interviewer flexibility to issue multiple printouts if needed or\nrequested.\n\nRecommendation 3\n\nEstablish procedures to perform routine integrity reviews of anomalies involving the issuance of\nSSN Printouts. Any cases involving potential SSN misuse should be referred to OIG.\n\nResponse\n\nWe partially agree. These actions will be captured through the Web-based Comprehensive\nIntegrity Review Process (CIRP), which is scheduled for implementation in fiscal year 2008. We\ndo not believe there is a need to establish special procedures for these cases. If abuse or misuse\ncases are identified through routine CIRP reviews, they will be referred to OIG for further action.\n\n\n\n\n                                                H-3\n\x0cRecommendation 4\n\nConsider developing a system or application similar to the SS-5 Assistant to document and track\nactions taken to issue an SSN Printout.\n\nResponse\n\nWe agree that it is important to track actions taken to issue an SSN Printout. We believe we\ncurrently have systems in place to obtain that data through the Audit Trail System and, by late\nfiscal year 2008, these actions will be captured through the WEB based CIRP process which is\nbeing developed. Also, as described in our response to recommendation 3, CIRP will track both\nNumidents and NUMI Lites (SSN Printouts). In addition to targeted criteria designated to\nmonitor transactions involving sensitive queries, Web CIRP will also provide anomaly reports\nand listings of sensitive queries performed by each employee sortable by SSN, type and date.\nThe Integrity Review Handbook contains instructions on the review and certification of potential\nfraud or abuse cases. Our POMS GN 04100 contains additional procedures for referral of cases\nto OIG.\n\nRecommendation 5\n\nDevelop and disseminate management information for the SSN Printout workload to responsible\nSSA personnel. At a minimum, the information should enable managers to identify anomalies in\nthe number of SSN Printouts issued by field offices and to numberholders.\n\nResponse\n\nWe partially agree. As indicated in our response to recommendation number 4, CIRP will make\ninformation available to managers on the verifications processed. We do not believe that\nmultiple printouts alone are indicators of possible fraud, abuse or misuse. We reviewed the\nmultiple printout cases identified in this audit and determined that none involved fraud, abuse or\nmisuse.\n\nRecommendation 6\n\nClarify SSA policies and the SSN Printout language to consistently communicate the Agency\xe2\x80\x99s\nofficial position as to whether the document is valid for SSN verification purposes.\n\nResponse\n\nWe agree. While our statement on the printout and policy clearly states, \xe2\x80\x9cthe Social Security\ncard is the official verification of a Social Security number,\xe2\x80\x9d we agree that the SSN Printout can\nbe confusing for the public and third parties as the title "SSN Verification Printout" is\nmisleading. We will clarify POMS instructions and the wording on the SSN Printout to provide\na consistent message; i.e., that the SSN Printout is not an official verification of an SSN. These\nactions will be completed by December 31, 2007.\n\n\n                                                H-4\n\x0cRecommendation 7\n\nExtend outreach to employers, Department of Motor Vehicles (DMV) and other third parties in\nareas where the demand for SSN Printouts is high to raise the awareness that SSA offers\nverification services.\n\nResponse\n\nWe agree. We will continue our outreach efforts with employers regarding the procedures and\ntypes of SSN verification services we provide. We will also remind our employees who perform\noutreach activities with DMVs and other third parties to raise the awareness that we offer various\nverification services.\n\nRecommendation 8\n\nIssue a reminder to field office staff that SSN Printouts should only be issued when the\nnumberholder expresses an immediate need for a verification of the SSN.\n\nResponse\n\nWe disagree. Current policy does not dictate that the number holder express an "immediate\nneed" for this information. As previously noted, the Privacy Act protects an individual\xe2\x80\x99s right to\naccess his or her records. Furthermore, OMB\xe2\x80\x99s Privacy Act guidelines indicate that the granting\nof access may not be conditioned upon any requirement to state a reason or otherwise justify the\nneed to gain access to a particular record.\n\n\n\n\n                                               H-5\n\x0c                                                                       Appendix I\n\nOIG Contacts and Staff Acknowledgments\nOIG Contacts\n\n   Kimberly Byrd, Director, Southern Audit Division, (205) 801-1650\n\n   Frank Nagy, Audit Manager, (404) 562-5552\n\nAcknowledgments\n\nIn addition to those named above:\n\n   Shane Henley, Auditor\n\n   Mike Leibrecht, Senior Auditor\n\nFor additional copies of this report, please visit our web site at\nwww.socialsecurity.gov/oig or contact the Office of the Inspector General\xe2\x80\x99s Public\nAffairs Specialist at (410) 965-3218. Refer to Common Identification Number\nA-04-07-27112.\n\x0c                           DISTRIBUTION SCHEDULE\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c               Overview of the Office of the Inspector General\nThe Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI),\nOffice of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office\nof Resource Management (ORM). To ensure compliance with policies and procedures, internal\ncontrols, and professional standards, we also have a comprehensive Professional Responsibility\nand Quality Assurance program.\n                                         Office of Audit\nOA conducts and/or supervises financial and performance audits of the Social Security\nAdministration\xe2\x80\x99s (SSA) programs and operations and makes recommendations to ensure program\nobjectives are achieved effectively and efficiently. Financial audits assess whether SSA\xe2\x80\x99s\nfinancial statements fairly present SSA\xe2\x80\x99s financial position, results of operations, and cash flow.\nPerformance audits review the economy, efficiency, and effectiveness of SSA\xe2\x80\x99s programs and\noperations. OA also conducts short-term management and program evaluations and projects on\nissues of concern to SSA, Congress, and the general public.\n\n\n                                    Office of Investigations\nOI conducts and coordinates investigative activity related to fraud, waste, abuse, and\nmismanagement in SSA programs and operations. This includes wrongdoing by applicants,\nbeneficiaries, contractors, third parties, or SSA employees performing their official duties. This\noffice serves as OIG liaison to the Department of Justice on all matters relating to the\ninvestigations of SSA programs and personnel. OI also conducts joint investigations with other\nFederal, State, and local law enforcement agencies.\n\n\n                   Office of the Chief Counsel to the Inspector General\nOCCIG provides independent legal advice and counsel to the IG on various matters, including\nstatutes, regulations, legislation, and policy directives. OCCIG also advises the IG on\ninvestigative procedures and techniques, as well as on legal implications and conclusions to be\ndrawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary\nPenalty program.\n                              Office of Resource Management\nORM supports OIG by providing information resource management and systems security. ORM\nalso coordinates OIG\xe2\x80\x99s budget, procurement, telecommunications, facilities, and human\nresources. In addition, ORM is the focal point for OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act of 1993.\n\x0c'